will give the user enough flexibility to do whatever he
wantsunless we fix ldap_start_tls_s because this is
the executionsequence of ldap_start_tls_s:

ldap_start_tls_s->ldap_int_tls_start->ldap_int_tls_connect->alloc_handle->ldap_pvt_tls_int_def_ctx () which will overwrite
whatever the userhas done before.

Not true.
ldap_pvt_tls_init_def_ctx() will not overwrite the context if it has already
been initialized. If a user calls the sequence I outlined above before calling
ldap_start_tls_s() then their customized context will be used. Since the library
works this way, I see no reason to provide additional hooks to customize the
global TLS context.